tls

package module

v1.5.0 Latest Latest Go to latest Published: Jul 8, 2023 License: BSD-3-Clause Imports: 41 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/4cq2/tls

README ¶

TLS

Why Trust Is Worth It

https://youtube.com/watch?v=cWypWe9UAhQ

what: TLS module, providing low-level access to the ClientHello for mimicry purposes
where: https://godocs.io/2a.pages.dev/tls
how: blog/how.md
when: blog/when.md
why: blog/why.md

TLS version

The version is actually set in three places:

record version
handshake version
supported versions

with regards to JA3, "handshake version" should always be used. "supported versions" cannot be used, as its an array not a single value. further, "record version" cannot be used, as its deprecated since TLS 1.3. More info:

https://datatracker.ietf.org/doc/html/rfc8446#appendix-D

In summary, the TLSVersion should never be higher than 0x0303 (771), as its locked at that value since TLS 1.3. That means that anyone reporting 772 or higher is wrong.

servers

also:

what about Akamai fingerprint?

Paper says HTTP/2 only:

https://blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf

Confirmed:

> curl --http1.1 https://tls.peet.ws/api/clean
{
  "ja3": "771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-13172-16-22-23-49-13-43-45-51,29-23-30-25-24,0-1-2",
  "ja3_hash": "ba730f97dcd1122e74e65411e68f1b40",
  "akamai": "-",
  "akamai_hash": "-"
}

I would need to add HTTP/2 support to my existing code:

https://github.com/refraction-networking/utls/blob/9d36ce36/examples/examples.go#L417-L427

So in that case, supporting JA3 is simpler than supporting Akamai.

extensions

https://iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

who

email: srpen6@gmail.com
Discord: srpen6; https://discord.com/invite/WWq6rFb8Rf

Documentation ¶

Overview ¶

Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.

TLS 1.3 is available on an opt-out basis in Go 1.13. To disable it, set the GODEBUG environment variable (comma-separated key=value options) such that it includes "tls13=0".

Index ¶

Variables
type Transport
- func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)
Bugs

Constants ¶

This section is empty.

Variables ¶

View Source

var Android_API_26 = _ClientHelloSpec{
	// contains filtered or unexported fields
}

Functions ¶

This section is empty.

Types ¶

type Transport ¶ added in v1.4.4

type Transport struct {
	Spec _ClientHelloSpec
	// contains filtered or unexported fields
}

func (*Transport) RoundTrip ¶ added in v1.4.4

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)

Notes ¶

Bugs ¶

The crypto/tls package only implements some countermeasures against Lucky13 attacks on CBC-mode encryption, and only on SHA1 variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and https://www.imperialviolet.org/2013/02/04/luckythirteen.html.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
blog
2023/proxy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL